[2/2] mesos git commit: Added regression test against fetcher SSL spillover.

[ti...@apache.org]

Added regression test against fetcher SSL spillover.

Review: https://reviews.apache.org/r/56771/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/209f8e7f
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/209f8e7f
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/209f8e7f

Branch: refs/heads/master
Commit: 209f8e7fd1c9da1140976748f85d05a426848e0e
Parents: 916a43e
Author: Till Toenshoff <to...@me.com>
Authored: Thu Feb 23 01:53:50 2017 +0100
Committer: Till Toenshoff <to...@me.com>
Committed: Thu Feb 23 01:53:50 2017 +0100

----------------------------------------------------------------------
 src/tests/fetcher_tests.cpp | 61 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/209f8e7f/src/tests/fetcher_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/fetcher_tests.cpp b/src/tests/fetcher_tests.cpp
index 9c7e8b9..c4854b9 100644
--- a/src/tests/fetcher_tests.cpp
+++ b/src/tests/fetcher_tests.cpp
@@ -1088,6 +1088,67 @@ TEST_F(FetcherTest, HdfsURI)
 }
 #endif // __WINDOWS__
 
+
+// Regression test against unwanted environment inheritance from the
+// agent towards the fetcher. By supplying an invalid SSL setup, we
+// force the fetcher to fail if the parent process does not filter
+// them out.
+TEST_F_TEMP_DISABLED_ON_WINDOWS(FetcherTest, SSLEnvironmentSpillover)
+{
+  // Patch some critical libprocess environment variables into the
+  // parent process of the mesos-fetcher. We expect this test to fail
+  // when the code path triggered does not filter them.
+  char* enabled = getenv("LIBPROCESS_SSL_ENABLED");
+  char* key = getenv("LIBPROCESS_SSL_KEY_FILE");
+
+  os::setenv("LIBPROCESS_SSL_ENABLED", "true");
+  os::unsetenv("LIBPROCESS_SSL_KEY_FILE");
+
+  // First construct a temporary file that can be fetched and archived with
+  // gzip.
+  Try<string> dir = os::mkdtemp(path::join(os::getcwd(), "XXXXXX"));
+  ASSERT_SOME(dir);
+
+  Try<string> path = os::mktemp(path::join(dir.get(), "XXXXXX"));
+  ASSERT_SOME(path);
+
+  ASSERT_SOME(os::write(path.get(), "hello world"));
+  ASSERT_SOME(os::shell("gzip " + path.get()));
+
+  ContainerID containerId;
+  containerId.set_value(UUID::random().toString());
+
+  CommandInfo commandInfo;
+  CommandInfo::URI* uri = commandInfo.add_uris();
+  uri->set_value(path.get() + ".gz");
+  uri->set_extract(true);
+
+  slave::Flags flags;
+  flags.launcher_dir = getLauncherDir();
+
+  Fetcher fetcher;
+  SlaveID slaveId;
+
+  Future<Nothing> fetch = fetcher.fetch(
+      containerId, commandInfo, os::getcwd(), None(), slaveId, flags);
+
+  // The mesos-fetcher runnable will fail initializing libprocess if
+  // the SSL environment spilled over. Such failure would cause it to
+  // abort and exit and that in turn would fail the `fetch` returned
+  // future.
+  AWAIT_READY(fetch);
+
+  if (enabled != nullptr) {
+    os::setenv("LIBPROCESS_SSL_ENABLED", enabled);
+  } else {
+    os::unsetenv("LIBPROCESS_SSL_ENABLED");
+  }
+
+  if (key != nullptr) {
+    os::setenv("LIBPROCESS_SSL_KEY_FILE", key);
+  }
+}
+
 } // namespace tests {
 } // namespace internal {
 } // namespace mesos {